[Your Business Name]

Privacy Policy

Last Updated: [Date, e.g., January 25, 2024]

1. Introduction

Welcome to [Your Business Name] ("we," "our," "us"). We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [Your Website URL], use our mobile application, or interact with our services (collectively, the "Services").

We comply with the Data Protection Act, No. 24 of 2019 of the Laws of Kenya and all other relevant laws and regulations. By using our Services, you consent to the data practices described in this policy.

2. Information We Collect

We may collect the following types of information:

A. Personal Information You Provide: This includes information you give us when you create an account, make a purchase, or contact us. Examples include:

  • Full Name, Email Address, Phone Number
  • Physical Address (Billing & Shipping)
  • Payment Information (e.g., M-Pesa details, credit card number processed by a secure third-party gateway)
  • Identity Documentation (e.g., ID Number or Passport Number, if required by law for your transaction)

B. Information Collected Automatically: When you use our Services, we may automatically collect:

  • Usage Data: Pages you visit, time spent on pages, clickstream data.
  • Device Information: IP address, browser type, device type, operating system.
  • Location Data: General location derived from your IP address.

We collect this using cookies and similar tracking technologies. You can control cookies through your browser settings.

3. How We Use Your Information

We use your information for the following purposes:

  • To process your orders and deliver products/services.
  • To create and manage your account.
  • To communicate with you about orders, services, and promotions.
  • To provide customer support and respond to your inquiries.
  • To analyze and improve our Services, website, and user experience.
  • To prevent fraud and enhance the security of our Services.
  • To comply with legal obligations under Kenyan law.

5. How We Share Your Information

We may share your information with trusted third parties only in the ways described below:

  • Service Providers: We share data with companies that provide services on our behalf, such as payment processing (e.g., Pesapal, Flutterwave), shipping (e.g., Sendy, Courier), email delivery, and data analysis. These partners are contractually prohibited from using your information for any other purpose.
  • Legal Requirements: We may disclose information if required to do so by law or in response to a valid request by a public authority (e.g., a court or government agency in Kenya).
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the new entity.

We do not sell or rent your personal information to third parties for their marketing purposes.

6. Data Retention

We will retain your personal data only for as long as is necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements under Kenyan law. For example, we retain transaction data for at least 7 years to comply with tax regulations. After this period, your data will be securely deleted or anonymized.

7. Your Rights Under Kenyan Law

As a data subject under the Kenyan Data Protection Act, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten): You can request that we delete your personal data under certain circumstances.
  • Right to Restrict Processing: You can request that we temporarily or permanently stop processing all or some of your personal data.
  • Right to Data Portability: You can request a structured, commonly used, and machine-readable copy of your data to transfer to another service.
  • Right to Object: You can object to the processing of your personal data for direct marketing purposes.

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We will respond to your request within the timeframe required by Kenyan law.

8. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption (SSL/TLS), secure servers, and access controls. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee its absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

10. Contact Us & Data Controller

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact our Data Protection Officer at:

[Your Business Name]
Email: [Your Email Address e.g., privacy@yourcompany.co.ke]
Phone: +91 9001861147
Physical Address: H. NO. 17, PUB JYOTI NAGAR, BAMUNIMAIDAM, Kamrup Metropolitan, Assam, 781021

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya if you believe we have not complied with the data protection laws.

ODPC Contact Details:
Website: www.odpc.go.ke
Email: complaints@odpc.go.ke